<meta http-equiv="Content-Security-Policy" content="default-src https: ; script-src 'report-sample' 'unsafe-inline' 'strict-dynamic' https://www.gstatic.com/recaptcha/api2/ 'self' 'nonce-IwDw1O7SPWXgdACpTA9h4mEex49PzmNE'; child-src https://www.google.com/recaptcha/; frame-src https://www.google.com/recaptcha/; img-src https: data: blob: ; style-src https: 'unsafe-inline'; object-src 'none'; base-uri 'none'; report-uri /csp.do">
<!-- Strong CSP example from https://csp-evaluator.withgoogle.com/?csp=bugs.chromium.org -->